[aws] Don't index empty AWS Security Hub responses #9705
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
🚀 Benchmarks report
To see the full report comment with
Thank you for this update. I would also love to see support for the integration to retrieve Managed Security Hub insights |
Lgtm
💚 Build Succeeded
Package aws - 2.15.1 containing this change is available at https://epr.elastic.co/search?package=aws
Proposed commit message

Set `response.split.ignore_empty_value: true` for splitting responses from AWS Security Hub, to avoid indexing the empty wrapper document when the Insights or Findings list is empty.

The [`response.split` documentation][1] says:

> If the split target is empty the parent document will be kept.
> If documents with empty splits should be dropped, the
> `ignore_empty_value` option should be set to `true`.

[1]: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#response-split
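The effect of the setting described in the commit message above, as an added example that is not part of the pull request or of Filebeat's code: a simplified Python model of the documented `response.split` rule, run over constructed responses. The function names, the bare `Findings`/`Insights` keys used as split targets, the sample IDs and the choice to treat a missing key like an empty list are assumptions of this model.

```python
"""Simplified model of the documented response.split rule (added example)."""
from copy import deepcopy


def split_response(body, target, ignore_empty_value=False):
    """Return the events that one decoded response body would produce.

    body   -- decoded JSON response (dict)
    target -- key holding the list to split on, e.g. "Findings"
    """
    items = body.get(target)
    if not items:
        # Missing key, null and empty list are modelled alike (assumption).
        # Documented rule: the parent document is kept unless
        # ignore_empty_value is true, in which case it is dropped.
        return [] if ignore_empty_value else [deepcopy(body)]
    # Non-empty target: one event per list element.
    return [deepcopy(item) for item in items]


def events_for_poll(pages, target, ignore_empty_value):
    """Collect the events produced by every page of one polling cycle."""
    events = []
    for page in pages:
        events.extend(split_response(page, target, ignore_empty_value))
    return events


# Constructed sample responses: a findings page followed by an empty page,
# and a polling cycle in which there are no insights at all.
FINDINGS_PAGES = [
    {"Findings": [{"Id": "finding-1"}, {"Id": "finding-2"}], "NextToken": "t1"},
    {"Findings": []},
]
QUIET_INSIGHTS_POLL = [{"Insights": []}]

if __name__ == "__main__":
    for flag in (False, True):
        docs = events_for_poll(FINDINGS_PAGES, "Findings", flag)
        quiet = events_for_poll(QUIET_INSIGHTS_POLL, "Insights", flag)
        print(f"ignore_empty_value={flag}: findings docs={docs} insights docs={quiet}")
```

With the flag off, every empty page adds a wrapper document with no finding fields to the index, which skews document counts and any rule or dashboard that assumes one document per finding.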